Skip to main content
Homarr uses environment variables for configuration. This guide covers all available environment variables and their usage.

Getting Started

When cloning Homarr, you’ll find a .env.example file. Copy this file to .env and populate it with your values: 
cp .env.example .env
The .env file is gitignored and should never be committed to version control as it contains sensitive information.

Required Variables

These environment variables are required for Homarr to function properly.
AUTH_SECRET
string
required
Secret key used by Auth.js for encrypting JWTs and mail hashes. While not actively used for encryption in Homarr, it’s required by Auth.js.Example:
AUTH_SECRET="supersecret"
SECRET_ENCRYPTION_KEY
string
required
A 32-byte (64 character) hex string used to encrypt integration secrets in the database. This is critical for security.Generate a key:
openssl rand -hex 32
Example:
SECRET_ENCRYPTION_KEY="0000000000000000000000000000000000000000000000000000000000000000"
Must be exactly 64 hexadecimal characters. If not set or invalid, Homarr will display a randomly generated key on startup.

Database Configuration

Homarr supports three database drivers: SQLite, MySQL, and PostgreSQL.
DB_DRIVER
string
default:"better-sqlite3"
Database driver to use.
DB_DRIVER='better-sqlite3'
DB_URL
string
required
Full path to your SQLite database file.
DB_URL='/path/to/your/database/db.sqlite'
Must be an absolute path, not a relative path.
Default in production: /appdata/db/db.sqlite

Authentication Configuration

See the Authentication Providers page for detailed authentication configuration.
AUTH_PROVIDERS
string
default:"credentials"
Comma-separated list of authentication providers to enable. Supported values: credentials, ldap, oidc.
AUTH_PROVIDERS="credentials,oidc"
AUTH_SESSION_EXPIRY_TIME
string
default:"30d"
How long user sessions remain valid. Accepts duration format (e.g., 30d, 7d, 12h).
AUTH_SESSION_EXPIRY_TIME="30d"
AUTH_LOGOUT_REDIRECT_URL
string
URL to redirect users to after logout. Must be a valid URL.
AUTH_LOGOUT_REDIRECT_URL="https://example.com/goodbye"

Redis Configuration

Redis is optional and used for caching and session management in distributed deployments.
REDIS_IS_EXTERNAL
boolean
default:"false"
Whether to use an external Redis server.
REDIS_IS_EXTERNAL=true
REDIS_HOST
string
Redis server hostname.
REDIS_HOST="localhost"
REDIS_PORT
number
default:"6379"
Redis server port.
REDIS_PORT="6379"
REDIS_USERNAME
string
Redis username for authentication.
REDIS_USERNAME="redis_user"
REDIS_PASSWORD
string
Redis password for authentication.
REDIS_PASSWORD="your_redis_password"
REDIS_TLS_CA
string
Path to TLS CA certificate for Redis connection.
REDIS_TLS_CA="/path/to/ca.crt"
REDIS_DATABASE_INDEX
number
Redis database index to use.
REDIS_DATABASE_INDEX="0"

Application Settings

LOG_LEVEL
string
default:"info"
Logging verbosity level. Available options: trace, debug, info, warn, error, fatal.
LOG_LEVEL='info'
LOCAL_CERTIFICATE_PATH
string
Full path to directory containing trusted SSL certificates. Used for connecting to services with self-signed certificates.
LOCAL_CERTIFICATE_PATH='/path/to/certificates'
Must be an absolute path. In production, defaults to /appdata/trusted-certificates if not set.
CRON_JOB_API_KEY
string
API key for internal communication between nextjs-api and tasks-api. Generated automatically on container start.Generate manually:
openssl rand -base64 32
This is generated automatically and typically doesn’t need manual configuration.
NO_EXTERNAL_CONNECTION
boolean
default:"false"
Disable all external network connections for air-gapped deployments.
NO_EXTERNAL_CONNECTION=true
TURBO_TELEMETRY_DISABLED
boolean
default:"1"
Disable Turborepo telemetry.
TURBO_TELEMETRY_DISABLED=1

Feature Flags

ENABLE_KUBERNETES
boolean
default:"false"
Enable Kubernetes integration features.
ENABLE_KUBERNETES=true
UNSAFE_ENABLE_MOCK_INTEGRATION
boolean
default:"false"
Enable mock integration for testing purposes. Only use in development.
UNSAFE_ENABLE_MOCK_INTEGRATION=true
This should only be enabled in development environments for testing.

Example Configuration

Here’s a complete example .env file for a production deployment:
.env
# Security
AUTH_SECRET="your-random-secret-here"
SECRET_ENCRYPTION_KEY="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"

# Database (PostgreSQL)
DB_DRIVER='node-postgres'
DB_URL='postgres://homarr:password@localhost:5432/homarr'

# Authentication
AUTH_PROVIDERS="credentials,oidc"
AUTH_SESSION_EXPIRY_TIME="30d"

# OIDC Configuration
AUTH_OIDC_ISSUER="https://auth.example.com"
AUTH_OIDC_CLIENT_ID="homarr"
AUTH_OIDC_CLIENT_SECRET="your-oidc-secret"
AUTH_OIDC_CLIENT_NAME="SSO Login"

# Redis (optional)
REDIS_IS_EXTERNAL=true
REDIS_HOST="localhost"
REDIS_PORT="6379"

# Application
LOG_LEVEL='info'
TURBO_TELEMETRY_DISABLED=1

Next Steps

Build docs developers (and LLMs) love

Get started for freeTalk to us